Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

•Re: A reasonable temporary password generator?

by merlyn (Sage)
on May 10, 2003 at 11:14 UTC ( #257102=note: print w/replies, xml ) Need Help??


in reply to A reasonable temporary password generator?

Passwords have a lot of different contexts. You don't mention how this is going to be used.

If it's for crypt(3) (like a basicauth password), characters past the 8th don't make any difference, for example. If it's for a human, it'd be nice to be somewhat pronouncable. If it's merely to confirm that an email address is the right one via a round-trip, it can be 64 hex characters instead.

So, tell us more about how this is to be used, and you'll get better answers.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

  • Comment on •Re: A reasonable temporary password generator?

Replies are listed 'Best First'.
Re: •Re: A reasonable temporary password generator?
by Your Mother (Archbishop) on May 10, 2003 at 11:37 UTC
    Good question; sorry I didn't give more. This would just be a placeholder for a new website user account registration, or for a lost password reset, probably md5'd into a DB, no SSL or htpasswd in this case.
      In that case, since a human would have to enter it, I'd stick with 6-to-10 alphanumerics only, but run it past cracklib to make sure it's not trivially brute-forceable, and also have some mechanism to ensure that it gets changed on first use.

      -- Randal L. Schwartz, Perl hacker
      Be sure to read my standard disclaimer if this is a reply.

        Yeah, good point, I wasn't thinking of user-friendly and I should be. More friction means fewer users.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://257102]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2022-01-27 21:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (71 votes). Check out past polls.

    Notices?